
Import from log file does not show any results

Posted: Tue Jun 02, 2015 1:53 pm
by gsl_ops_practice
Hello,

I am trying to import log files from 23rd of May, following the instructions as specified in the "Import from file" page. The import appears to succeed, the index grows, but I am not seeing anything in the dashboard regardless of what date range I try, last 30 days or last year. Running latest version, clean deploy from an OVF, log file I am importing is 150MB.

Any thoughts?

Thanks,
Alex

Re: Import from log file does not show any results

Posted: Tue Jun 02, 2015 1:59 pm
by jolson
Could you please post the rsyslog configuration that you're using as well as an excerpt from the file you're attempting to import?

Code:

cat /etc/rsyslog.d/*.conf

Re: Import from log file does not show any results

Posted: Tue Jun 02, 2015 2:06 pm
by gsl_ops_practice
Hello,

I am not using rsyslog at all, just doing manual imports for analysis.

File excerpt is below:

Code:

00:00:01.810 1810     1 DOCQ:/000176 XX  XX  24 XX1111      0      0      0      0              0  N  P  1 1-RGG 21 0-CG OK   H..012345678
00:00:01.810 1810     1 DOCS:/PRS/28 XX  XX  24 XX1111      8      0      0      0          ZZ  1  N  P  1 1-RGG 21 2-C+AP OK H..012345678
00:00:02.904 2904     1 DOCQ:/000176 YY  YY  24 YY1250      0      0      0      0      N  P  1 1-RGG 21 0-CG OK   H..012345679

Re: Import from log file does not show any results

Posted: Tue Jun 02, 2015 2:15 pm
by gsl_ops_practice
I just realized there is no date at the beginning of each log line. I added that manually and tried the import again, same results, nothing shows up in the dashboard.

Code:

2015-05-23 00:00:01.810 1810     1 DOCQ:/000176 XX  XX  24 XX1111      0      0      0      0              0  N  P  1 1-RGG 21 0-CG OK   H..012345678
2015-05-23 00:00:01.810 1810     1 DOCS:/PRS/28 XX  XX  24 XX1111      8      0      0      0          ZZ  1  N  P  1 1-RGG 21 2-C+AP OK H..012345678
2015-05-23 00:00:02.904 2904     1 DOCQ:/000176 YY  YY  24 YY1250      0      0      0      0      N  P  1 1-RGG 21 0-CG OK   H..012345679
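
The date-prepending step described in the post above, done programmatically before the file is piped to shipper.py. This is an added example, not part of the original posts or of Nagios Log Server. It assumes the date is the file name suffix (as in application.log.2015-05-23); the names `date_from_name` and `stamp_lines`, the 12-hour rollover rule and the sample lines marked constructed are assumptions.

```python
import re
from datetime import date, timedelta

# Assumption: the capture date is the file name suffix (application.log.2015-05-23).
NAME_DATE = re.compile(r"(\d{4})-(\d{2})-(\d{2})$")
TIME_ONLY = re.compile(r"^([01]\d|2[0-3]):([0-5]\d):([0-5]\d)\.(\d{3})\s")
DATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}\s")

# The first line is from the excerpt in the thread; the other four are constructed.
SAMPLE = [
    "00:00:01.810 1810     1 DOCQ:/000176 XX  XX  24 XX1111      0      0      0      0              0  N  P  1 1-RGG 21 0-CG OK   H..012345678",
    "2015-05-23 00:00:02.904 2904     1 DOCQ:/000176 YY  YY  24 YY1250",
    "23:59:59.120 9120     1 DOCQ:/000176 XX  XX  24 XX1111",
    "00:00:00.450 450     1 DOCQ:/000176 XX  XX  24 XX1111",
    "    continuation text without a timestamp",
]


def date_from_name(filename):
    """Return the date encoded in a file name that ends in YYYY-MM-DD."""
    m = NAME_DATE.search(filename)
    if m is None:
        raise ValueError("no YYYY-MM-DD suffix in %r" % filename)
    return date(*(int(g) for g in m.groups()))


def stamp_lines(lines, day):
    """Return (stamped, rejected); every stamped line starts with a date."""
    stamped, rejected, prev = [], [], None
    for number, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        m = TIME_ONLY.match(line)
        if DATED.match(line):      # already dated: pass through unchanged
            stamped.append(line)
        elif m is None:            # no usable timestamp: report it, do not guess
            rejected.append((number, line))
        else:
            secs = int(m.group(1)) * 3600 + int(m.group(2)) * 60 + int(m.group(3))
            # Assumption: a backwards jump of more than 12 h means the file ran past midnight.
            if prev is not None and prev - secs > 12 * 3600:
                day += timedelta(days=1)
            prev = secs
            stamped.append("%s %s" % (day.isoformat(), line))
    return stamped, rejected


if __name__ == "__main__":
    out, bad = stamp_lines(SAMPLE, date_from_name("application.log.2015-05-23"))
    print("\n".join(out), "rejected: %r" % bad, sep="\n")
```

Rejected lines are returned with their line numbers so they can be reviewed instead of being imported with a guessed timestamp.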

Re: Import from log file does not show any results

Posted: Tue Jun 02, 2015 2:18 pm
by jolson
Can you show me the command you're using to import those logs? I'll try and reproduce this on my end.

Re: Import from log file does not show any results

Posted: Tue Jun 02, 2015 2:26 pm
by gsl_ops_practice

Code:

python shipper.py -f application.log.2015-05-23 program:apptrv2 | netcat 10.10.10.10 2057

Re: Import from log file does not show any results

Posted: Tue Jun 02, 2015 2:45 pm
by jolson
I received them in the GUI instantly with a timestamp of today when I shipped them.

I created a file called 'testfile' and put your log lines inside of it. I then ran the following command:

Code:

python shipper.py -f testfile program:apptrv2 | nc 192.168.x.x 2057

[Attached screenshot: 2015-06-02 14_40_51-Dashboard • Nagios Log Server - Firefox Developer Edition.png]

Where are you shipping the logs from? If you're shipping them from NLS itself, try using 127.0.0.1 instead of the private IP. Ensure that port 2057 is open using telnet:

Code:

telnet nls.server.ip 2057

Re: Import from log file does not show any results

Posted: Tue Jun 02, 2015 2:56 pm
by gsl_ops_practice
I am shipping the logs from a different host, port 2057 responds to telnet as it should.

Code:

telnet 10.0.xx.xx 2057
Trying 10.0.xx.xx...
Connected to 10.0.xx.xx.
Escape character is '^]'.

Can you please tell me where you got the screenshot you posted? I am looking just in the dashboard and it is empty.

I re-ran the test with exactly the same data I posted, as per below, nothing shows up in the dashboard.

Code:

python shipper.py -f test.log program:test | netcat 10.0.xx.xx 2057

Re: Import from log file does not show any results

Posted: Tue Jun 02, 2015 3:00 pm
by jolson
I navigated to the 'Dashboard' screen in Nagios Log Server. Picture below.

[Attached screenshot: 2015-06-02 14_58_29-Dashboard • Nagios Log Server - Firefox Developer Edition.png]

The dashboard should be filling up with logs even if you have no host pointed to it - by default NLS will log to itself. Your logs should show up there with the rest of them.

Could you try shipping the logs from NLS itself? How did the telnet test go?

Re: Import from log file does not show any results

Posted: Tue Jun 02, 2015 3:18 pm
by gsl_ops_practice
Ok, we have another issue then. I deployed this from an OVF template on an ESX host, and as you said Nagios Log Server is supposed to log its own syslog entries, but that is not happening. I have 0 events and it is not changing since deployment 2 hours ago.

If this is on a private network without internet access, can it make any difference?